My Comodo fails Shields up.

Hi, Just installed Comodo to test it out on my “spare PC”. The PC is connected to the main PC via a crossover cable (using ICS) and the Main PC connects to the internet via an ADSL modem.

To test comodo I stopped my firewall on my Main PC and ran the shields up test of common ports.

It failed with the following:

port 135 and 445 OPEN
all other ports closed but not stealthed.

Comodo reports my protection strength as “Excellent” and the only rules that seem to exist in network monitor are:

0 Allow IP Out Any Any WHERE IPPROTO IS ANY
1 block IP In Any Any WHERE IPPROTO IS ANY

Can anyone help please?

thanks.

This may be because it is the main pc being tested not your spare pc, although i’m unsure on this.

The rules you have for network monitor are the same as what I have and it passes shields up.

Can you go to network monitor and right click on block>>edit
put a tick in the box that says create an alert if this rule is fired and click OK.

Re-run shields up and see if in the comodo firewall logs there has been any port scans from the any if the following IP addresses: 4.79.142.192 -thru- 4.79.142.207.

Mike

I tried all the shields up tests and passed them all except 1, and use IE and cable.

Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since “Ping” is among the oldest and most common methods used to locate systems prior to further exploitation.

Can I setup comodo to stop ping replies?

Hi,

You were right about the ICS. It was testing the main PC and not the slave PC. No firewall runnning on main PC = fails shields up.

Thanks for the help.

Your welcome. Glad you found out why.

By default Comodo should not allow a reply to these ping requests. Have you changed any settings since you installed?

Hello Mike

No I haven’t changed any of the default settings, but I have changed application access rules like stopping explorer from having access through the wall.

Thanks
j mayo

Are you behind a router? It could be a problem of the routers firewall. If yes check for a firmware update on its support site, and run the test again.

hey pandlouk
so are you saying that the router could be responding to the ping before it gets to the firewall?
thanks j

Yes. I have seen it happen at the router of a friend of mine. Check the settings on your router, probably the problem is there :wink:

ps for testing the firewall of my router, I had enabled the option DMZ of the router ( for allowing port forwarding at all ports on my computer) and closed the firewall on the pc; some of the ports were stealthed but others where just closed.

ok pandlouk, I have never poked around with the router and its firewall before, but I’ll try it out and I am sure that your advice will make sense then. Out of interest, could the firewall router be the cause of the lack of stealth on my udp ports?

It depends. What Network Monitor rules do you use on CPF?

Out of interest, could the firewall router be the cause of the lack of stealth on my udp ports?
If you're testing from the internet, your hardware (router) firewall is being tested. So yes this can be the cause. :)

This is exact but only if you don’t use NAT. If you use port forwarding at a port then at this specific port the firewall on the pc is being tested :wink:

Yeah you’re right. ;D

I don’t have any :-X, should I have? All the other protocols are stealthed automatically by comodo.

What do you mean? Did you change anything in the Network Monitor? By default it’ll allow IP Out and block IP In. :slight_smile:

Comodo>Security>Network Monitor.

Don’t worry, you don’t have too (exept maybe 2 rules for your internal network). In your chase most probably the router must be the cause, unless you have port forwarding or DMZ enabled on the router.

Ok pandlouk, I’ll have a go at the cable router, although I didn’t install it, and there are 4 pcs connected to the cable router, each sepearately connected and not networked. Are port forwarding and DMZ be physical switches on the cable router, and if so what should they be set to?

System weren’t those rules automatically created when you installed comodo the first time, they were for me. :slight_smile: but I haven’t had to create any extra network rules and when I did the stealth test at www.pcflank.com, all of the protocols were stealthed except the udp protocol.

The first thing you have to do ( if you want to have max security is to disable DMZ and UPNP on the router; UPNP is not supported by all routers). Then if you want to use P2P applications like emule you will have to activate NAT and port forwarding on the ports those programs use.

But it can be a little complicated because not all routers have the same configuration.
If you want send me a private message with the link of the instructions for the router which you can find at the support site of the company that fabricates it. So I can give it a look and be more specific on the answers :wink: